Please help me(New virus i Guess)

**Caius** · 05-06-2007, 20:43

Hello,

Im needing urgent help with my pc.This virus is really annoying.
I dont know how this virus came to my pc.
It activates itself every 20 min(not sure) and It closes all the windows and starts to make very strange things.

I had found rundll32.exe as a process when this attack started.I closed it(witht the keyboard), and everything came to normallity.

Im not sure WTF is going on here.

Really urgent help i need.

**Whacker** · 05-07-2007, 02:55

Get a good virus scanner.

Also consider that you might have been hit with a bad rootkit, if your virus scanner turns up little or nothing. If that's the case, try to back up what you can, and then do (or have someone who knows how to) a full low level reformat and reinstall of your OS. Sorry, but that's the only surefire way of getting rid of a rootkit no matter what people will tell you, those "cleaners" and "removers" only do a halfassed job, and most of the time the damage is already pretty extensive.

**drone** · 05-07-2007, 17:36

Search your registry for rundll32.exe. You should find 1 or more entries that point you to a dll file somewhere, probably in your system32 folder. Boot your PC in safe mode, delete the registry entries, and delete the file being executed. I don't think there are any normal system tasks that use rundll32. This might do it.

**Stig** · 05-07-2007, 17:41

Don't delete rundll32.exe, it's required for your PC to function

Do a search for it, it should be placed under C:\Windows\System32
if it's somewhere else as well delete those.

I have StartUpMonitor which monitors new programs, and whenever I want to install something it gives a pop up that rundll32.exe wants to start that install.

**Togakure** · 05-07-2007, 17:56

I did a quick Google on rundll32.exe, and found this article, which speaks to "imposters" of the legit file. Scroll down the page to read about them. Perhaps investigating along these lines will identify the true culprit.

http://www.pcreview.co.uk/startup/rundll32.exe.php

This was only one of many returned links from Google. Whenever I find an executable runnning in Processes that I don't recognize or understand, I Google it and read up. I've found this quick check to be enlightening in most cases.

StartupMonitor, Sygate Firewall, AVG Antivirus, Spwyware Blaster, and Spybot--all free for personal use--have kept me problem free since I picked up this new PC. That, and being careful about where I surf. Consider using these or similar products available via the 'net to reduce risk of infections.

**Caius** · 05-07-2007, 20:09

The problem seemed to leave.

It was strange.Thanks for the help given anyway.

**drone** · 05-07-2007, 22:17

Originally Posted by Stig

Don't delete rundll32.exe, it's required for your PC to function

Do a search for it, it should be placed under C:\Windows\System32
if it's somewhere else as well delete those.

I have StartUpMonitor which monitors new programs, and whenever I want to install something it gives a pop up that rundll32.exe wants to start that install.

Just to clarify, I didn't mean delete rundll32.exe, but to delete the dll library it is kicking off in the registry entry.

All's well apparently, which is good news.